Cybersecurity Course 1 Module 2 Questions
Goals of hackers
-To learn and enhance their hacking skills -To seek revenge -To exploit security weaknesses by using existing malware, programming scripts, and other tactics
Social engineering, such as phishing, is a manipulation technique that relies on computer error to gain private information, access, or valuables. True or False
False; relies on user error
What are the 5 most common Malware attacks
Viruses Worms Ransomware Spyware
What domain does Social engineering attacks fall under
security and risk management domain.
What are the 5 most common phishing attacks
Business Email Compromise (BEC) Spear phishing Whaling Vishing Smishing
What are the the 3 types of social engineering attacks
Malicious USB cable Malicious flash drive Card cloning and skimming Physical attacks fall under the asset security domain.
What are the intentions and motives of inside threats
Sabotage Corruption Espionage Unauthorized data access or leaks
What were the key impacts of the Equifax breach?
The key impacts of the Equifax breach were the fact that millions of customers' PII was stolen and that the significant financial consequences of a breach became more apparent.
What domain does password attacks fall under
the communication and network security domain
A security professional is asked to destroy and dispose of old hard drives that include confidential customer information. Which security domain is this task related to?
Asset security
What domain does physical attacks fall under
Asset security domain
Asset Security
Focused on securing digital and physical assets. Related to the storage, maintenance, retention and destruction of data
Identity and access management
Keep data secure by ensuring users follow established policies to control and manage physical assets, like office spaces, and logical assets, such as networks and applications Ex: giving keycard access
Communication and network security
Manage and secure physical networks and wireless communications
Software developing security
Uses secure coding practices, which are recommended guidelines that are used to create secure applications and services
Security Operations
conducting investigations and implementing preventative measures
Examples of security _____ include security and risk management and security architecture and engineering.
domains
What are two types of password attacks that are common.
Brute force Rainbow tableterm-20
A computer virus is malicious _____ that interferes with computer operations and causes damage.
code
Why are social engineering attacks so effective
Authority: Threat actors impersonate individuals with power. This is because people, in general, have been conditioned to respect and follow authority figures. Intimidation: Threat actors use bullying tactics. This includes persuading and intimidating victims into doing what they're told. Consensus/Social proof: Because people sometimes do things that they believe many others are doing, threat actors use others' trust to pretend they are legitimate. For example, a threat actor might try to gain access to private data by telling an employee that other people at the company have given them access to that data in the past. Scarcity: A tactic used to imply that goods or services are in limited supply. Familiarity: Threat actors establish a fake emotional connection with users that can be exploited. Trust: Threat actors establish an emotional relationship with users that can be exploited over time. They use this relationship to develop trust and gain personal information. Urgency: A thr
What are the 3 main categories of hackers
Authorized hacker unauthorized hacker Semi-authorized hacker
Security assessment and testing
Conducting security control testing, collecting and analyzing data and conducting security audits to monitor for risks, threats and vulnerabilities
Security and risk management
Defines security goals and objectives, risk reduction, compliance, business continuity and the law
Security Architecture and engineering
Optimizes data security by ensuring effective tools, systems and processes are in place
What are the the 10 types of social engineering attacks
Phishing Smishing Vishing Spear phishing Whaling Social media phishing Business Email Compromise (BEC) Watering hole attack USB (Universal Serial Bus) baiting Physical social engineering
What are the intentions and motives of Hactivists
They abuse digital technology to accomplish their goals, which may include: Demonstrations Propaganda Social change campaigns Fame
What are the 8 domains of CISSP security
Security & Risk management Asset security Software & development Security Operations Security Architecture & engineering Identify Access management Security assessment management Security Assessment & testing
Your supervisor asks you to audit user permissions for payroll data to ensure no unauthorized employees have access to it. Which security domain is this audit related to?
Security assessment and testing
You are asked to investigate an alert related to an unknown device that is connected to the company's internal network. After you complete your investigation, you follow company policies and procedures to implement preventative measures that will stop the potential threat posed by the device. Which security domain is this scenario related to?
Security operations
What are the 5 most common Social engineering attacks
Social media Phishing Watering hole attack USB baiting Physical Social engineering
What type of manipulation technique was the LoveLetter attack?
The Love Letter attack was an example of social engineering. Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables.
What is one way that the Morris worm helped shape the security industry?
The Morris worm helped shape the security industry because it led to the development of computer emergency response teams, now commonly referred to as computer security incident response teams (CSIRTs).
What are the intentions and motives of Advanced persistent threats
Their intentions and motivations can include: Damaging critical infrastructure, such as the power grid and natural resources Gaining access to intellectual property, such as trade secrets or patents